Researchers Find Wireless Hack Can Unlock 100 Million Volkswagens

More bad news for Volkswagen owners: A hacker could unlock your car using a simple wireless device. About 100 million VWs going back to 1995, as well as models from several other brands, are vulnerable to the hack, according to a report from researchers at the University of Birmingham and German engineering firm Kasper & Oswald.

This finding could place more than 100 million owners of Volkswagens and other brands at risk of having their car broken into, or even worse, stolen.

This news marks the second consecutive year that Volkswagen has been involved in a major automotive scandal that affects tens of millions of consumers. Last year, Volkswagen was found to be lying about its clean diesel engines when it was revealed that the engines were not clean, and in fact were harmful to the environment.

That scandal culminated with the US Department of Justice filing a lawsuit against Volkswagen for their deceptive business practices on top of the class action lawsuit brought by consumers.

How Can Hackers Break into Volkswagens?

Although there was no deception on the part of Volkswagen, consumers are more affected by this scandal because Volkswagen’s security systems potentially leave their vehicles vulnerable to hackers.

The researchers found this vulnerability after some “tedious reverse engineering” of a component in a Volkswagen vehicle’s software revealed a single cryptographic key used by millions of vehicles that they were able to extract, according to Wired.

When that internal number is coupled with the unique signal that comes from each vehicle’s key fob upon pressing the lock or unlock button — which can be intercepted using a $40 dollar piece of technology that intercepts radio signals — researchers found that a person can gain access to the vehicle, the Wired article says.

This process is easier said than done, though. There are several internal cryptographic keys used by Volkswagen, each located in different components of the software depending on the make and model. Any prospective thief would need to identify the component and extract the key, something that takes time and skill. They would then need to be within a few hundred feet of a vehicle and wait for someone to press a button on their key fob to intercept its unique signal, according to Wired.

For obvious reasons, the researchers did not reveal the components that housed the cryptographic keys, but if the surge in recent email hacks and data breaches has taught us anything, it has revealed that there are some very skillful and highly motivated hackers who, with time and effort, can do just about anything with a computer.

Should those cryptographic keys be identified, Volkswagen consumers from the last 20 years would have a big problem, because there are only four cryptographic keys used in the 100 million vehicles sold during that period.

Volkswagen is now beginning to phase out this antiquated technology, but only in some models, like the VW Golf 7.

Ford, Fiat, Others Also Could be Affected

On top of the Volkswagen findings, the researchers were also able to identify another way for hackers to steal cryptographic keys and break into vehicles. This second scheme, known as HiTag2, is not as difficult to pull off, and involves using a radio signal interceptor to intercept codes from the driver’s key fob, including one rolling code number that changes with each press of the button, according to Wired.

Using these codes, the researchers found they were able to identify the correct code needed to unlock the vehicle in less than one minute. This scheme could affect owners of Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot, reports say.

Can Car Owners Do Anything to Prevent This?

In their report, the researchers were not optimistic that car manufacturers will be able to quickly and efficiently fix this security issue. Yet, there are still some steps that consumers can take to avoid having their car getting broken into and potentially stolen.

The researchers recommend not leaving any valuables in the car, and even said they should consider giving up on wireless key fobs in favor of manually locking and unlocking their car door — if possible.

Despite the issues this could potentially cause consumers and manufacturers today, it is better that these inadequate security features are identified now rather than later. As cars are run by software more and more each year, and with self-driving technology right around the corner, vehicle security is of paramount importance. Hopefully by the time self-driving technology is fully functional, vehicle security will have caught up to it.